Aaron Margosis' "Non-Admin" WebLog : LUA Buglight 2.0, second preview:
http://blogs.msdn.com/aaron_margosis/archive/2008/11/06/lua-buglight-2-0-second-preview.aspx



Mark Rockman wrote:
> It be difficult to determine /a priori/ the settings for all the 
> access control lists and other security parameters that one must 
> establish for CAS to work.  Perhaps a software assist would work 
> according to the following scenario.  Run the program in the 
> environment in which it will actually be used.  Assume minimal 
> permissions.  Each time the program would fail due to violation of 
> some permission, notate the event and plow on.  Assuming this is 
> repeated for every use case, the resulting reports would be a very 
> good guide to how CAS settings should be established for production.  
> Of course, every time the program is changed in any way, the process 
> would have to be repeated.
>  
> MARK ROCKMAN
> MDRSESCO LLC
> ------------------------------------------------------------------------
>
> _______________________________________________
> Secure Coding mailing list (SC-L) SC-L@securecoding.org
> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php
> SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
> as a free, non-commercial service to the software security community.
> _______________________________________________
>   
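
The record-and-continue scenario from the quoted message, as an added example that is not part of the thread and not code from LUA Buglight. The `AuditSandbox` class, the resource names and the use cases are constructed for illustration, and no real CAS API is modelled.

```python
from collections import defaultdict

class AuditSandbox:
    """Permission gate: enforce mode raises, audit mode records and continues."""
    def __init__(self, granted, audit=True):
        self.granted = set(granted)          # allowed (resource, action) pairs
        self.audit = audit
        self.violations = defaultdict(set)   # use case -> denied pairs observed

    def demand(self, use_case, resource, action):
        need = (resource, action)
        if need in self.granted:
            return
        if not self.audit:
            raise PermissionError(f"{action} on {resource} denied")
        self.violations[use_case].add(need)  # note the event and plow on

    def proposed_policy(self):
        """Baseline grants plus every permission any use case was denied."""
        policy = set(self.granted)
        for needs in self.violations.values():
            policy |= needs
        return policy

# Constructed sample: the permission demands each use case makes.
USE_CASES = {
    "open_report": [("C:/app/data", "read"), ("C:/app/app.config", "read")],
    "save_report": [("C:/app/data", "read"), ("C:/app/data", "write")],
    "check_update": [("https://updates.example.test", "connect")],
}

def run(box, use_cases):
    """Replay every use case; return the names that failed outright."""
    failed = []
    for name, demands in use_cases.items():
        try:
            for resource, action in demands:
                box.demand(name, resource, action)
        except PermissionError:
            failed.append(name)
    return failed

def learn_policy(use_cases, baseline=()):
    """Audit run starting from minimal permissions; nothing fails, all is logged."""
    box = AuditSandbox(baseline, audit=True)
    run(box, use_cases)
    return box.proposed_policy()

def verify(policy, use_cases):
    """Enforce run: which use cases break under the proposed policy?"""
    return run(AuditSandbox(policy, audit=False), use_cases)
```

Replaying a changed program through `verify` with the old policy shows why the message says the process has to be repeated after every change: any use case with a new demand fails until the audit run is redone.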
